[Openstack-security] [Bug 1818239] Re: scheduler: build failure high negative weighting
Since this has come up again in bug 1581977 as representing a security-
related concern, I'm adding the security bugtag to it for increased
visibility. Note this is not the same as treating it as a security
vulnerability, and I don't have the impression that any CVE assignment
or security advisory is warranted for this.

** Information type changed from Public Security to Public

** Also affects: ossa

** Changed in: ossa
       Status: New => Won't Fix

** Tags added: security

scheduler: build failure high negative weighting
Status in OpenStack nova-cloud-controller charm:
Status in OpenStack Compute (nova):
Status in OpenStack Security Advisory:
Status in nova package in Ubuntu:
Whilst debugging a Queens cloud which seems to be landing all new
instances on 3 out of 9 hypervisors (which resulted in three very
heavily overloaded servers) I noticed that the weighting of the build
failure weighter is -1000000.0 * number of failures:

This means that a server which has any sort of build failure instantly
drops to the bottom of the weighed list of hypervisors for scheduling

Why might an instance fail to build? Could be a timeout due to load,
might also be due to a bad image (one that won't actually boot under
qemu). This second cause could be triggered by an end user of the
cloud inadvertently causing all instances to be pushed to a small
subset of hypervisors (which is what I think happened in our case).

This feels like quite a dangerous default to have given the potential
to DOS hypervisors intentionally or otherwise.

DistroRelease: Ubuntu 18.04
Package: nova-scheduler 2:17.0.7-0ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18
Uname: Linux 4.15.0-43-generic x86_64
Date: Fri Mar 1 13:57:39 2019
NovaConf: Error: [Errno 13] Permission denied: '/etc/nova/nova.conf'
PATH=(custom, no user)
UpgradeStatus: No upgrade log present (probably fresh install)
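
The effect described in the report, as an added example that is not part of the original message and is not nova code: a toy scheduler in which the build-failure term is -1000000.0 * failures as the report states, compared with a much smaller multiplier. It assumes all other weighers together contribute a score of at most 1 and that no capacity filter removes hosts; the host names, failure counts, capacity and the 0.125 multiplier are constructed.

```python
"""Toy weighted scheduler (constructed example, not nova code)."""

REPORTED_MULTIPLIER = 1000000.0  # magnitude quoted in the bug report
SMALLER_MULTIPLIER = 0.125       # hypothetical value chosen for comparison
CAPACITY = 16                    # constructed: instances a host holds before overload

# Constructed inventory: host name -> recorded build failures.
# 3 of 9 hypervisors are clean, 6 have a single failed build.
HOSTS = {f"hv{i}": (0 if i <= 3 else 1) for i in range(1, 10)}


def host_weight(placed, failed_builds, multiplier):
    # Assumption: every other weigher combined yields a score of at most 1
    # (here the fraction of capacity still free, negative once overloaded).
    other_weighers = 1.0 - placed / CAPACITY
    # Build-failure term as the report describes it: -multiplier * failures.
    return other_weighers - multiplier * failed_builds


def place(hosts, n_instances, multiplier):
    """Place instances one at a time on the highest-weighted host."""
    placed = dict.fromkeys(hosts, 0)
    for _ in range(n_instances):
        best = max(hosts, key=lambda h: host_weight(placed[h], hosts[h], multiplier))
        placed[best] += 1
    return placed


def overloaded(placement):
    """Hosts that received more instances than CAPACITY."""
    return sorted(h for h, n in placement.items() if n > CAPACITY)


if __name__ == "__main__":
    for label, mult in (("reported", REPORTED_MULTIPLIER),
                        ("smaller", SMALLER_MULTIPLIER)):
        result = place(HOSTS, 60, mult)
        print(label, result, "overloaded:", overloaded(result))
```

With the reported multiplier a single failure outweighs any amount of load, so the six hosts with one failed build never receive an instance; with the smaller multiplier a failure costs the equivalent of two instances of load and placement spreads across all nine.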